Redirection and filtering Source Engine game traffic in a bundle with sqproxy
sqredirect attach eBPF filter(s) to network interface and manipulate with traffic targeting to game ports
eBPF is more efficient way to check/accept/drop packets in Linux
As redirection and filtering processed before any firewall rules applied, you also need ensure target (redirect) ports are accessable from external network. If your server placed behind NAT and all rules live in router, you do not need do anything.
- Linux
- Kernel version >= 4.4, check your by command: uname -r
- python2 or python3
TODO: Split into Ubuntu/Debian/Others like in bcc-tools README
- bcc-tools >= 0.10.0 (depends on Kernel version, see https://github.com/iovisor/bcc/releases)
- Install instruction (non-Debian 10)
- Install instruction (Debian 10)
- You can check the current version via
python -c 'import bcc; print(bcc.__version__);'
python -m pip install sqredirect
https://pypi.org/project/sqredirect/
Only by SQProxy
bcc-tools can't be used w/o root, see iovisor/bcc#1166
But you can use this snippet to restrict usage only to specified user/group:
TL;DR: move python redirect.py $@ to command and add permissions in /etc/sudoers
-
Copy content of this folder to
/usr/src/sqredirect -
Create file in
/usr/local/bin/sqredirectwith content:#!/bin/bash cd /usr/src/sqredirect exec python2 /usr/src/sqredirect/redirect.py $@
-
chmod +x /usr/local/bin/sqredirect -
Create group network and add user to group
addgroup network usermod -aG network <user-which-should-it-run>
-
Allow run
sqredirectcommand w/o root privilegesecho "%network ALL=(root) NOPASSWD: /usr/local/bin/sqredirect" > /etc/sudoers.d/network
More about sudoers: https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file
Problem: I can't reach my server through network
Solution: Rollback any changes at network level, run in console (if you have access):
tc qdisc del dev eth0 root
replace eth0 with your interface name